Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/e4fa48-3be8-4fa3-a436-8a0d0bf0b577/1/nI5NCdmtStkGl8PmX4sZl4lJ0d0.roa
File:                     nI5NCdmtStkGl8PmX4sZl4lJ0d0.roa (raw, json)
Hash identifier:          cjYM2aQq4v8XueF1UgYd4H++DRsq/Hpr+SQGx9rrRlE=
Subject key identifier:   9C:8E:4D:09:D9:AD:4A:D9:06:97:C3:E6:5F:8B:19:97:89:49:D1:DD
Certificate issuer:       /CN=addd2a815060aa7e621a2094349758b2036896f0
Certificate serial:       0194B116C408143300ED0A4A0154D1ADA25C
Authority key identifier: AD:DD:2A:81:50:60:AA:7E:62:1A:20:94:34:97:58:B2:03:68:96:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rd0qgVBgqn5iGiCUNJdYsgNolvA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/e4fa48-3be8-4fa3-a436-8a0d0bf0b577/1/nI5NCdmtStkGl8PmX4sZl4lJ0d0.roa
Signing time:             Wed 29 Jan 2025 08:04:06 +0000
ROA not before:           Wed 29 Jan 2025 08:04:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201776
IP address blocks:        37.44.252.0/22 maxlen: 22
                          77.83.8.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/e4fa48-3be8-4fa3-a436-8a0d0bf0b577/1/rd0qgVBgqn5iGiCUNJdYsgNolvA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/e4fa48-3be8-4fa3-a436-8a0d0bf0b577/1/rd0qgVBgqn5iGiCUNJdYsgNolvA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rd0qgVBgqn5iGiCUNJdYsgNolvA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:b1:16:c4:08:14:33:00:ed:0a:4a:01:54:d1:ad:a2:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=addd2a815060aa7e621a2094349758b2036896f0
        Validity
            Not Before: Jan 29 08:04:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9c8e4d09d9ad4ad90697c3e65f8b19978949d1dd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:95:de:60:fd:93:20:a5:73:08:d4:39:eb:45:
                    92:a5:c0:a2:26:b3:94:54:6a:64:9f:1b:7c:c7:b2:
                    70:01:83:bf:1f:81:2c:53:67:ae:02:3c:cd:b4:eb:
                    f3:3c:15:4e:0a:47:be:e0:a3:43:2f:63:6b:30:8c:
                    15:45:c2:f8:cd:f7:60:02:e2:1a:07:ba:47:55:88:
                    b4:bc:92:c1:d2:58:75:1e:66:c1:7b:c2:ab:e1:ab:
                    15:60:3d:35:95:06:0c:49:e6:e6:4c:4d:34:f2:4a:
                    a4:e7:be:3f:00:ed:bf:a4:a1:ef:d7:7d:b0:66:4a:
                    0d:5c:20:29:89:00:66:2c:93:a7:40:cb:52:db:1c:
                    15:0d:3a:1d:21:d1:01:71:23:f5:e4:4d:6a:49:24:
                    5c:32:37:f6:a7:9f:8b:5a:07:51:d6:db:2c:53:cc:
                    9a:f4:f5:c3:99:fe:e2:33:51:e2:94:11:f6:a5:f3:
                    a8:e1:d0:82:19:84:6b:b0:c8:eb:88:0b:d3:e5:f6:
                    00:36:7a:d0:fc:74:8f:94:bf:15:5f:39:59:d7:59:
                    f9:22:d1:7f:f8:66:53:dd:de:a2:7f:68:b3:87:94:
                    dc:1d:05:42:c3:66:a6:17:a3:0e:63:f2:60:0f:4c:
                    57:5a:65:ab:10:4d:f3:c9:28:6d:e5:88:88:61:fb:
                    4a:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:8E:4D:09:D9:AD:4A:D9:06:97:C3:E6:5F:8B:19:97:89:49:D1:DD
            X509v3 Authority Key Identifier:
                keyid:AD:DD:2A:81:50:60:AA:7E:62:1A:20:94:34:97:58:B2:03:68:96:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rd0qgVBgqn5iGiCUNJdYsgNolvA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/e4fa48-3be8-4fa3-a436-8a0d0bf0b577/1/nI5NCdmtStkGl8PmX4sZl4lJ0d0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/e4fa48-3be8-4fa3-a436-8a0d0bf0b577/1/rd0qgVBgqn5iGiCUNJdYsgNolvA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.44.252.0/22
                  77.83.8.0/22

    Signature Algorithm: sha256WithRSAEncryption
         61:a8:02:63:9f:0b:8d:0f:6f:c4:2d:a9:c2:06:c7:4e:f9:0c:
         2a:f7:ab:da:33:a8:d3:ce:37:26:e0:3c:e2:3c:d8:9e:3a:d8:
         b0:42:bf:fb:81:0c:90:b2:19:16:aa:23:de:4f:79:c4:89:b1:
         24:fa:fe:8d:7c:8e:e6:d6:b4:c9:ec:d1:ed:f0:36:d3:65:1f:
         fa:67:c2:bd:b3:fc:2d:26:41:32:2f:02:18:0d:92:44:75:05:
         27:d6:b5:64:33:4e:4a:7a:75:21:d6:95:97:e9:b0:de:0f:6e:
         f3:ad:ff:13:74:79:08:86:18:73:ad:69:d6:32:b8:55:50:db:
         8b:9f:a0:6f:6c:53:5c:23:40:34:df:c1:37:c4:d8:e4:74:d9:
         cb:75:38:0a:43:70:96:7d:ac:8d:ff:5b:55:06:07:8f:a7:c7:
         f0:82:7a:a1:d7:ad:7a:35:7b:4d:83:13:67:0e:1f:43:81:a5:
         67:dc:14:a4:5e:09:27:db:5f:39:1a:76:ba:b4:ea:44:19:e9:
         d1:44:ef:88:2f:96:b4:ec:09:1d:e0:a5:53:aa:b9:63:e9:25:
         c3:ef:38:95:28:51:63:2e:03:21:a5:50:bc:03:e5:22:9e:2c:
         bb:e5:c3:8a:c8:35:e5:31:98:be:af:fe:d7:83:fa:c9:30:f8:
         e2:18:35:c2
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZSxFsQIFDMA7QpKAVTRraJcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkZGQyYTgxNTA2MGFhN2U2MjFhMjA5NDM0OTc1OGIyMDM2
ODk2ZjAwHhcNMjUwMTI5MDgwNDA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YzhlNGQwOWQ5YWQ0YWQ5MDY5N2MzZTY1ZjhiMTk5Nzg5NDlkMWRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtZXeYP2TIKVzCNQ560WSpcCiJrOU
VGpknxt8x7JwAYO/H4EsU2euAjzNtOvzPBVOCke+4KNDL2NrMIwVRcL4zfdgAuIa
B7pHVYi0vJLB0lh1HmbBe8Kr4asVYD01lQYMSebmTE008kqk574/AO2/pKHv132w
ZkoNXCApiQBmLJOnQMtS2xwVDTodIdEBcSP15E1qSSRcMjf2p5+LWgdR1tssU8ya
9PXDmf7iM1HilBH2pfOo4dCCGYRrsMjriAvT5fYANnrQ/HSPlL8VXzlZ11n5ItF/
+GZT3d6if2izh5TcHQVCw2amF6MOY/JgD0xXWmWrEE3zySht5YiIYftK+wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJyOTQnZrUrZBpfD5l+LGZeJSdHdMB8GA1UdIwQY
MBaAFK3dKoFQYKp+YhoglDSXWLIDaJbwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcmQwcWdWQmdxbjVpR2lDVU5KZFlzZ05vbHZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC9lNGZhNDgtM2JlOC00ZmEzLWE0MzYt
OGEwZDBiZjBiNTc3LzEvbkk1TkNkbXRTdGtHbDhQbVg0c1psNGxKMGQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC9lNGZhNDgtM2JlOC00ZmEzLWE0MzYtOGEwZDBiZjBiNTc3
LzEvcmQwcWdWQmdxbjVpR2lDVU5KZFlzZ05vbHZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCJSz8AwQC
TVMIMA0GCSqGSIb3DQEBCwUAA4IBAQBhqAJjnwuND2/ELanCBsdO+Qwq96vaM6jT
zjcm4DziPNieOtiwQr/7gQyQshkWqiPeT3nEibEk+v6NfI7m1rTJ7NHt8DbTZR/6
Z8K9s/wtJkEyLwIYDZJEdQUn1rVkM05KenUh1pWX6bDeD27zrf8TdHkIhhhzrWnW
MrhVUNuLn6BvbFNcI0A038E3xNjkdNnLdTgKQ3CWfayN/1tVBgePp8fwgnqh1616
NXtNgxNnDh9DgaVn3BSkXgkn2185Gna6tOpEGenRRO+IL5a07Akd4KVTqrlj6SXD
7ziVKFFjLgMhpVC8A+Uiniy75cOKyDXlMZi+r/7Xg/rJMPjiGDXC
-----END CERTIFICATE-----